Cisco IronPort ESA

Cisco IronPort Email Security Appliance (ESA)

How to setup TLS on IronPort

These steps walk you through configuring TLS encryption on email communication with specific partner domains or configuring TLS for all Outbound and Inbound email. TLS for Incoming Mail Receiving mail is controlled by the HAT Overview/Mail Flow Policies.  In other words, when hosts attempting to send mail to your organization connect to your Ironport appliance. setup TLS encryption for all inbound email I chose to set TLS Preferred across the board by enabling TLS on my ‘Accepted’ and Read more [...]

How to add email address domain to IronPort whitelist

Background: In an IronPort, the "WHITELIST" is sender group is linked to the TRUSTED Mail Flow Policy.   The TRUSTED policy contains reduced restrictions and is not scanned for Spam.  Note: IronPort reputation IP filters are still in affect, however the false positive rate on the reputation based filtering is less than one in one million. Steps: To add an email domain to the Whitelist sender group, click Mail Policies > HAT Overview Click "Whitelist" Click Add Sender Enter Read more [...]

How to use company logo w Cisco Registered Envelope Service Encryption

Issue: You would like to show your company logo rather than the Cisco logo when sending encrypted emails with the Cisco Envelope Service. Background: When recipients receive emails encrypted with the Cisco Registered Envelope Service (CRES), a cloud-based encryption key service, the Cisco logo is shown if Account Image Profiles have not been setup. Resolution: The Envelope Profile is what is used during provisioning to determine the logo that should be placed on a registered envelope Read more [...]

Ironport LDAP query to IBM Notes / Domino

Issue: You need to configure your Ironport to run LDAP queries against your IBM Lotus Domino environment for the purpose of checking if a recipient is valid. Steps: 1) Open the Ironport LDAP Settings Profile The "Base DN" will be automaticly populated with the Hostname.  However, the Base DN should be empty for "normal" Lotus Domino Domains. In very large complex environments the Base DN can be used to help reduce the results from the ldap query 2) Configure the accept query, which will Read more [...]

Ironport Encryption Provisioning issue: “Unable to provision profile for reason: Cannot find account.”

Background: In order to utilize the IronPort encryption capabilities known as the "Cisco Registered Envelop Service (CRES)", an Encryption Profile must be created and provisioned.  These settings can be found under Security Services > Encryption. Issue: You receive the following error when attempting to provision the Ironport Encryption service: Error — Unable to provision profile "Ironport_Encryption" for reason: Cannot find account. Please make sure that you have correctly Read more [...]